<?php

	function CheckLogin($mysql){
	
		$loggedin = false;
		if((isset($_COOKIE['username'])) && (isset($_COOKIE['password'])) && (isset($_COOKIE['session']))){ 
			$username = $_COOKIE['username'];
			$password = $_COOKIE['password'];
			$session = $_COOKIE['session'];
			
			$mysql->query("select * from users where username = '$username' and password = '$password' and session = '$session'");
			if($mysql->numrows()==0){
				$loggedin = false;
			}
			else{
				$loggedin = true;
			}
		}
		else{
			$loggedin = false;
		}
		
		return $loggedin;
	}
	
	function CheckPermissions($mysql){
		if((isset($_COOKIE['username'])) && (isset($_COOKIE['password'])) && (isset($_COOKIE['session']))){ 
			$username = $_COOKIE['username'];
			$password = $_COOKIE['password'];
			$session = $_COOKIE['session'];
			$mysql->query("select permissions from users where username = '$username' and password = '$password' and session = '$session'");
			$perm = 0;
			while($perms = $mysql->fetcharray()){
				$perm = $perms['permissions'];
				break;
			}
			return $perm;
		}else{ return false; }
	}
	
	function DoLogin($mysql,$username,$password){
		
		$status = CheckLogin($mysql);
		if($status[0] == true){  $status = "loggedin"; }
		$password = sha1($password);
		
		$mysql->query("select * from users where username = '$username'");
		if($mysql->numrows()==0){
			$status = "nouser";
		}
		else{
			$mysql->query("select * from users where username = '$username' and password = '$password' and active=1");
			if($mysql->numrows()==0){
				$status = "wrongpass";
			}else{		
				setcookie("username",$username);
				setcookie("password",$password);
				$session = sha1(date("U").$username."x");
				setcookie("session",$session);
				
				$mysql->query("update users set session = '$session' where username = '$username'");
				$status = "success";
			}
		}
		return $status;
	}
	
	
	function DoLogout($mysql){
		
		$username = $_COOKIE['username'];
		$password = $_COOKIE['password'];
		$session = $_COOKIE['session'];
		
		$mysql->query("select * from users where username = '$username' and password = '$password'");
		if($mysql->numrows()==1){
			$mysql->query("update users set session = '' where username = '$username'");
		}
		
		setcookie("username","");
		setcookie("password","");
		setcookie("session","");
	}
	
	function DoRegister($mysql,$username,$password,$email){
		$mysql->query("select * from users where username = '$username'");
		if($mysql->numrows()==1){
			return "alreadyregged";
		}else{
			$mysql->query("select * from users where email = '$email'");
			if($mysql->numrows()==1){
				return "emailinuse";
			}else{
				$code = substr(sha1(date("U")),0,10);
				$lastip = "";
				$lastip = $_SERVER['REMOTE_ADDR'];
				$mysql->query("insert into users (username,password,email,session,lastip)values('$username','$password','$email','$code','$lastip')");
				
				$subject = "Thanks for registering at FileWi.re";
				$url = "http://filewi.re/register.php?do=confirm&code=$code";
				$message = "You are receiving this because you have registered at filewi.re. If you believe this is incorrect in some way, just trash this email.<br /><br />If you want to activate your account, click the link below.<br /><br /><a href=\"$url\">$url</a><br /><br /> Thanks and have fun!";
				$headers = "From: admin@filewi.re\nReply-To: admin@filewi.re\nContent-Type: text/html";
				mail($email,$subject,$message,$headers);
				return "success";
			}
		}
	}
	
	function DoRegisterConfirm($mysql,$code){
		$mysql->query("select * from users where session = '$code'");
		if($mysql->numrows()==0){
			return false;
		}else{
			$mysql->query("update users set active = 1 where session = '$code'");
			return true;
		}
	}

?>